aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorJon Simons <jon@jonsimons.org>2014-10-18 23:30:33 -0700
committerAndreas Schneider <asn@cryptomilk.org>2017-10-29 15:49:12 +0100
commit538f1bc00ee1d63e6e8f8c223291580d6a916617 (patch)
tree505b0f0c475f33bfefd960699a2b6e5c820774e1 /src
parentf0ddde48262a2f6b71dda3b9718b1f216448060d (diff)
downloadlibssh-538f1bc00ee1d63e6e8f8c223291580d6a916617.tar.gz
libssh-538f1bc00ee1d63e6e8f8c223291580d6a916617.tar.xz
libssh-538f1bc00ee1d63e6e8f8c223291580d6a916617.zip
server: expose 'ssh_server_init_kex' API
Expose an API 'ssh_server_init_kex' which allows one to change the set of key exchange, hostkey, ciphers, MACs, and compression algorithms currently configured for the ssh_session at hand, after having started the 'ssh_handle_key_exchange' process. One can use this API from the already-existing 'connect_status_function' callback to dynamically modify the set of algorithms used after having received the client banner, but before sending out the initial KEXINIT message. For example, one might want to prevent advertising the curve25519 key exchange algorithm for older OpenSSH clients due to interop bugs. Fixes T25 Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src')
-rw-r--r--src/server.c27
1 files changed, 21 insertions, 6 deletions
diff --git a/src/server.c b/src/server.c
index 25fdd0c5..b2552eaa 100644
--- a/src/server.c
+++ b/src/server.c
@@ -75,12 +75,12 @@ static int dh_handshake_server(ssh_session session);
*/
/** @internal
- * This functions sets the Key Exchange protocols to be accepted
- * by the server. They depend on
- * -What the user asked (via options)
- * -What is available (keys)
- * It should then accept the intersection of what the user asked
- * and what is available, and return an error if nothing matches
+ *
+ * @brief initialize the set of key exchange, hostkey, ciphers, MACs, and
+ * compression algorithms for the given ssh_session
+ *
+ * The selection of algorithms and keys used are determined by the
+ * options that are currently set in the given ssh_session structure.
*/
static int server_set_kex(ssh_session session) {
@@ -149,6 +149,21 @@ static int server_set_kex(ssh_session session) {
return 0;
}
+int ssh_server_init_kex(ssh_session session) {
+ int i;
+
+ if (session->session_state > SSH_SESSION_STATE_BANNER_RECEIVED) {
+ return SSH_ERROR;
+ }
+
+ /* free any currently-set methods: server_set_kex will allocate new ones */
+ for (i = 0; i < 10 /* SSH_KEX_METHODS */; i++) {
+ SAFE_FREE(session->next_crypto->server_kex.methods[i]);
+ }
+
+ return server_set_kex(session);
+}
+
/** @internal
* @brief parse an incoming SSH_MSG_KEXDH_INIT packet and complete
* key exchange